
Add option to check password on Have I Been Pwned. #3095

Merged (1 commit, Jul 8, 2020)

Conversation

dracos (Member) commented Jun 25, 2020

If switched on, sends first five letters of the SHA1 hash of the entered
password to HIBP's API, which then returns all matching hashes in their
database of breached passwords. If we find a match, tell the user they
need to pick a different password.

Questions to answer - leave it like this, or if the count is very low, allow it to go through anyway? (Read the count section of https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/ for background)
Future work - could on login check password against this and alert the user to change it if present?
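How the check described above works end to end, as an added example that is not the PR's Perl code (the actual change lives in perllib/FixMyStreet/App/Controller/Auth.pm): it is Python, the HTTP fetch is injected so the demo runs offline against a constructed range response, and the suffixes and counts in that response are made up except the SHA-1 tails of "password" and "abc", which are standard values. The `max_allowed_count` knob is the policy question raised in the description (let a low-count match through) and is an assumption, not something the PR implements.

```python
"""Range query against HIBP Pwned Passwords (k-anonymity), as an added example.

Not the project's Perl implementation; the HTTP fetch is injectable so the
demo can run offline against a constructed response.
"""
import hashlib
import urllib.request
from typing import Callable, Dict, Tuple

HIBP_RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_split(password: str) -> Tuple[str, str]:
    """Upper-case hex SHA-1 of the password, split into the 5-char prefix that
    is sent to HIBP and the 35-char suffix that never leaves this process."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse the 'SUFFIX:COUNT' lines HIBP returns for a prefix.

    Tolerates CRLF and blank lines, skips malformed lines instead of trusting
    them, and drops zero-count entries (HIBP pads responses with those when the
    client asks for padding), so a padded suffix can never count as a hit."""
    counts: Dict[str, int] = {}
    for raw in body.splitlines():
        line = raw.strip()
        if not line:
            continue
        suffix, sep, count = line.partition(":")
        suffix = suffix.strip().upper()
        count = count.strip()
        if sep != ":" or len(suffix) != 35 or not count.isdigit():
            continue
        if int(count) > 0:
            counts[suffix] = int(count)
    return counts


def hibp_fetch(prefix: str) -> str:
    """Real fetch: GET the range for one prefix. HIBP rejects requests with no
    User-Agent, so one is set. Not called by the offline demo below."""
    req = urllib.request.Request(
        HIBP_RANGE_URL + prefix,
        headers={"User-Agent": "example-hibp-client"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """Number of times the password appears in HIBP, or 0 if its suffix is
    absent from the returned range."""
    prefix, suffix = sha1_split(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def password_allowed(password: str, fetch_range: Callable[[str], str],
                     max_allowed_count: int = 0) -> bool:
    """Policy knob for the question raised in the PR description (assumed, not
    implemented by the PR): with the default 0 any match is rejected; a higher
    value lets rarely-seen passwords through."""
    return breach_count(password, fetch_range) <= max_allowed_count


# Constructed stand-in for the HTTP GET. The "password" and "abc" suffixes are
# the real SHA-1 tails; every other suffix and every count is made up.
CONSTRUCTED_RANGES = {
    "5BAA6": (
        "1D2DA4053E34E76F6576ED1DA63134B5E2A:2\r\n"
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471\r\n"   # "password"
        "1F5A1A3F5E4A7B6C8D9E0F1A2B3C4D5E6F7:0\r\n"         # padding line
    ),
    "A9993": (
        "E364706816ABA3E25717850C26C9CD0D89D:2\r\n"         # "abc"
        + "F" * 35 + ":17\r\n"
    ),
}


def constructed_fetch(prefix: str) -> str:
    """Offline replacement for hibp_fetch; unknown prefixes get an empty body."""
    return CONSTRUCTED_RANGES.get(prefix, "")


if __name__ == "__main__":
    for pw in ("password", "abc", "correct horse battery staple"):
        n = breach_count(pw, constructed_fetch)
        print(f"{pw!r}: seen {n} times, allowed={password_allowed(pw, constructed_fetch)}")
```

Only the five hex characters of the prefix ever go on the wire; the match against the suffix happens locally, which is what makes the lookup safe to perform with a plaintext password in hand. To run it for real, pass `hibp_fetch` instead of `constructed_fetch`.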

codecov bot commented Jun 25, 2020

Codecov Report

Merging #3095 into master will increase coverage by 0.01%.
The diff coverage is 95.83%.


@@            Coverage Diff             @@
##           master    #3095      +/-   ##
==========================================
+ Coverage   83.26%   83.27%   +0.01%     
==========================================
  Files         248      248              
  Lines       15559    15575      +16     
  Branches     2909     2910       +1     
==========================================
+ Hits        12955    12970      +15     
  Misses       1676     1676              
- Partials      928      929       +1     
Impacted Files Coverage Δ
perllib/FixMyStreet/App/Controller/Auth.pm 84.81% <95.83%> (+0.49%) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update d597f50...9a12c0d.
